Lucene search

[email protected]NVD:CVE-2017-16274

HistoryJan 11, 2023 - 10:15 p.m.

CVE-2017-16274

2023-01-1122:15:10

CWE-121

[email protected]

web.nvd.nist.gov

insteon hub

buffer overflow

firmware version 1012

pubnub service

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

35.2%

JSON

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_u, at 0x9d017364, the value for the grp key is copied using strcpy to the buffer at $sp+0x1b4.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.

Affected configurations

Nvd

Node

insteonhub_firmwareMatch1012

AND

insteonhubMatch-

VendorProductVersionCPE
insteonhub_firmware1012cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*
insteonhub-cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insteon	hub_firmware	1012	cpe:2.3:o:insteon:hub_firmware:1012:::::::*
insteon	hub	-	cpe:2.3:h:insteon:hub:-:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0483

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

35.2%

JSON

Related for NVD:CVE-2017-16274

cvelist1 prion1 cve1 talos1